DF > Have you packed your private key and the signed public key,
DF > together with the CA keychain, into a .p12 file yet?
Victor > how to do that? please guide me through
This has been answered previously at Adding an intermediate certificates to a pkcs12 file in JBoss.
Assuming you have a certificate and private key for example.com:
openssl pkcs12 -export -in www-example-com.crt -inkey www.example.key -out www-example-com.p12
Be sure your certificate (www-example-com.crt above) has all the intermediate certificates required to build a valid chain; and not just the server's certificate. That means www-example-com.crt will have multiple PEM entries.
Test it with the following. ca.pem is your CA's root certificate.
echo -e "GET / HTTP/1.0\r\n" | openssl s_client -connect example.com:443 -CAfile ca.pem
You should finish with Verify return code: 0 (ok).
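An offline check of the chain requirement described in the answer above, added here as an example and not part of the original answer: it builds a constructed throwaway root, intermediate and leaf, exports one .p12 from the multi-entry PEM and one from the leaf alone, and tests whether each bundle's certificates chain to the root. The CA names, helper function names and the "changeit" password are assumptions made for the example.

```shell
#!/usr/bin/env bash
# Constructed throwaway PKI: root -> intermediate -> leaf for example.com.
# CA names, helper names and the "changeit" password are placeholders.
set -eu

make_demo_pki() {  # usage: make_demo_pki DIR
  ( cd "$1"
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo Root CA" \
      -keyout ca.key -out ca.pem
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Demo Intermediate CA" \
      -keyout int.key -out int.csr
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > int.ext
    openssl x509 -req -days 30 -in int.csr -CA ca.pem -CAkey ca.key \
      -CAcreateserial -extfile int.ext -out int.crt
    openssl req -newkey rsa:2048 -nodes -subj "/CN=example.com" \
      -keyout www.example.key -out leaf.csr
    openssl x509 -req -days 30 -in leaf.csr -CA int.crt -CAkey int.key \
      -CAcreateserial -out leaf.crt
    cat leaf.crt int.crt > www-example-com.crt  # leaf plus intermediate
  ) >/dev/null 2>&1
}

export_p12() {  # usage: export_p12 DIR CERTFILE OUT.p12
  openssl pkcs12 -export -in "$1/$2" -inkey "$1/www.example.key" \
    -out "$1/$3" -passout pass:changeit
}

p12_cert_count() {  # how many certificates the .p12 carries
  openssl pkcs12 -in "$1" -nokeys -passin pass:changeit 2>/dev/null |
    grep -c 'BEGIN CERTIFICATE'
}

p12_chain_ok() {  # usage: p12_chain_ok DIR FILE.p12; 0 if chain reaches ca.pem
  openssl pkcs12 -in "$1/$2" -nokeys -clcerts -passin pass:changeit \
    -out "$1/leaf.out" 2>/dev/null
  openssl pkcs12 -in "$1/$2" -nokeys -passin pass:changeit \
    -out "$1/all.out" 2>/dev/null
  openssl verify -CAfile "$1/ca.pem" -untrusted "$1/all.out" "$1/leaf.out" \
    >/dev/null 2>&1
}

d=$(mktemp -d); make_demo_pki "$d"
export_p12 "$d" www-example-com.crt full.p12
export_p12 "$d" leaf.crt leaf-only.p12
for f in full.p12 leaf-only.p12; do
  if p12_chain_ok "$d" "$f"; then r="chain OK"; else r="chain incomplete"; fi
  echo "$f: $(p12_cert_count "$d/$f") cert(s), $r"
done
```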